System and method for user enrollment in a secure biometric verification system

ABSTRACT

A computer-implemented method and system for verifying the identity of a user in an identity authentication and biometric verification system which includes collecting information from the user regarding the user's identity, which is then electronically authenticated. Upon authentication, personal information regarding the verified identity of the user is retrieved from a source database which is used to verify the identity of the user, via user interaction. Upon successful verification and authentication, biometric data regarding the user is electronically collected.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No. 15/634,691 filed on Jun. 27, 2017, which is a Continuation of U.S. patent application Ser. No. 14/127,103 filed on May 16, 2014, which claims priority to PCT Patent Application No. PCT/US2012/037983 filed on May 15, 2012, which claims priority to U.S. Patent Application No. 61/502,453 filed on Jun. 29, 201, all of which are incorporated herein by reference in their entirety.

FIELD OF THE INVENTION

The invention relates generally to a biometric verification system, and more specifically to a method and system for authenticating a user's identity.

BACKGROUND OF THE INVENTION

The present invention generally pertains to identity verification systems. More specifically, the present invention pertains to biometric security systems that provide an enhanced defense against fraudulent use of an individual's identity to complete a transaction.

Within a typical biometric security system, there are at least two operations, enrollment and verification. The operation of enrollment encompasses the original sampling of a person's biographic and biometric information, confirmation of the identity and its owner, and the creation and storage of a biometric template associated with the identity (a.k.a., an enrollment template) that is a data representation of the original sampling. The operation of verification includes an invocation of a biometric sample for the identification of a system user through comparison of a data representation of the biometric sample with one or more stored enrollment templates.

Biometric information is, by nature, reasonably public knowledge. A person's biometric data is often casually left behind or is easily seen and captured. This is true for all forms of biometric data including, but not limited to, fingerprints, iris features, facial features, and voice information. As an example, consider two friends meeting. The one friend recognizes the other by their face and other visible key characteristics. That information is public knowledge. However, a photo of that same person ‘is’ not that person. This issue similarly applies, electronically, to computer-based biometric authentication wherein a copy of authorized biometric information is susceptible to being submitted as a representation of the corresponding original information. In the context of biometric security applications, what is important, what enables a secure verification, is a unique and trusted invocation of an authorized biometric.

SUMMARY OF THE INVENTION

The purpose and advantages of the invention will be set forth in and apparent from the description that follows. Additional advantages of the invention will be realized and attained by the devices, systems and methods particularly pointed out in the written description and claims hereof, as well as from the appended drawings.

To achieve these and other advantages and in accordance with the purpose of the invention, as embodied, the invention includes in one aspect a computer-implemented method for verifying the identity of a user in an identity authentication and biometric verification system. The method includes collecting information from the user regarding the user's identity (such as a passport), which is then electronically authenticated. Upon authentication, personal information regarding the verified identity of the user is retrieved from a source database, which is used to verify the user, via user interaction. Upon successful verification and authentication, biometric data regarding the user is electronically collected and matched to the personal information retrieved from the source database. Another aspect of the invention may include the functionality to perform scoring or qualification screening as well as providing a user with a token on a smart card device or via a cardless system.

In a further illustrated aspect of the invention, provided is an authentication and biometric verification system adapted to electronically couple to at least one electronic source database for authenticating the identity of a user. The system preferably includes a central processing system configured to receive information regarding the identity of a user and verifying the identity of the user based upon the received information. Upon successful verification, the central processing system is further configured to retrieve from at least one electronic source database information relating to the user verified identity to authenticate a user's identity via interaction with the user applicant. Further provided is a biometric collection device electronically coupled to the central processing system adapted and configured to collect biometric data from a user applicant upon successful authentication of the user applicant. A payload processor component is further preferably provided and electronically coupled to the central processing system adapted and configured to convert the collected user applicant biometric information into an electronic payload.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects and features of the invention can be understood with reference to the following detailed description of an illustrative embodiment of the present invention taken together in conjunction with the accompanying drawings in which:

FIG. 1 is a system level diagram of a computering environment used by the present invention;

FIG. 2 is a system level diagram of components of the present invention in accordance with an illustrated embodiment; and

FIGS. 3 and 4 are flow charts depicting operation of the present invention in accordance with the illustrated embodiment of FIG. 2.

WRITTEN DESCRIPTION OF CERTAIN EMBODIMENTS OF THE INVENTION

The present invention is now described more fully with reference to the accompanying drawings, in which an illustrated embodiment of the present invention is shown. The present invention is not limited in any way to the illustrated embodiment as the illustrated embodiment described below is merely exemplary of the invention, which can be embodied in various forms, as appreciated by one skilled in the art. Therefore, it is to be understood that any structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative for teaching one skilled in the art to variously employ the present invention. Furthermore, the terms and phrases used herein are not intended to be limiting but rather to provide an understandable description of the invention.

It is to be appreciated that the embodiments of this invention as discussed below preferably include software algorithms, programs, and/or code residing on computer useable medium having control logic for enabling execution on a machine having a computer processor. The machine typically includes memory storage configured to provide output from execution of the computer algorithm or program. Where a range of values is provided, it is understood that each intervening value, to the tenth of the unit of the lower limit unless the context clearly dictates otherwise, between the upper and lower limit of that range and any other stated or intervening value in that stated range is encompassed within the invention. The upper and lower limits of these smaller ranges are also encompassed within the invention, subject to any specifically excluded limit in the stated range. Where the stated range includes one or both of the limits, ranges excluding either or both of those included limits are also included in the invention.

Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Although any methods and materials similar or equivalent to those described herein can also be used in the practice or testing of the present invention, exemplary methods and materials are now described. All publications mentioned herein are incorporated herein by reference to disclose and describe the methods and/or materials in connection with which the publications are cited.

It must be noted that as used herein and in the appended claims, the singular forms “a”, “an,” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, reference to “a stimulus” includes a plurality of such stimuli and reference to “the signal” includes reference to one or more signals and equivalents thereof known to those skilled in the art, and so forth.

Turning now descriptively to the drawings, in which similar reference characters denote similar elements throughout the several views, FIG. 1 depicts an exemplary general-purpose computing system in which illustrated embodiments of the present invention may be implemented.

A generalized computering embodiment in which the present invention can be realized is depicted in FIG. 1 illustrating a processing system 100 which generally comprises at least one processor 102, or processing unit or plurality of processors, memory 104, at least one input device 106 and at least one output device 108, coupled together via a bus or group of buses 110. In certain embodiments, input device 106 and output device 108 could be the same device. An interface 112 can also be provided for coupling the processing system 100 to one or more peripheral devices, for example interface 112 could be a PCI card or PC card. At least one storage device 114, which houses at least one database 116 can also be provided. The memory 104 can be any form of memory device, for example, volatile or non-volatile memory, solid state storage devices, magnetic devices, etc. The processor 102 could comprise more than one distinct processing device, for example to handle different functions within the processing system 100. Input device 106 receives input data 118 and can comprise, for example, a keyboard, a pointer device such as a pen-like device or a mouse, audio receiving device for voice controlled activation such as a microphone, data receiver or antenna such as a modem or wireless data adaptor, data acquisition card, etc. Input data 118 could come from different sources, for example keyboard instructions in conjunction with data received via a network. Output device 108 produces or generates output data 120 and can comprise, for example, a display device or monitor in which case output data 120 is visual, a printer in which case output data 120 is printed, a port for example a USB port, a peripheral component adaptor, a data transmitter or antenna such as a modem or wireless network adaptor, etc. Output data 120 could be distinct and derived from different output devices, for example a visual display on a monitor in conjunction with data transmitted to a network. A user could view data output, or an interpretation of the data output, on, for example, a monitor or using a printer. The storage device 114 can be any form of data or information storage means, for example, volatile or non-volatile memory, solid state storage devices, magnetic devices, etc.

In use, the processing system 100 is adapted to allow data or information to be stored in and/or retrieved from, via wired or wireless communication means, at least one database 116. The interface 112 may allow wired and/or wireless communication between the processing unit 102 and peripheral components that may serve a specialized purpose. Preferably, the processor 102 receives instructions as input data 118 via input device 106 and can display processed results or other output to a user by utilizing output device 108. More than one input device 106 and/or output device 108 can be provided. It should be appreciated that the processing system 100 may be any form of terminal, server, specialized hardware, or the like.

It is to be appreciated that the processing system 100 may be a part of a networked communications system. Processing system 100 could connect to a network, for example the Internet or a WAN. Input data 118 and output data 120 could be communicated to other devices via the network. The transfer of information and/or data over the network can be achieved using wired communications means or wireless communications means. A server can facilitate the transfer of data between the network and one or more databases. A server and one or more databases provide an example of an information source.

Thus, the processing computing system environment 100 illustrated in FIG. 1 may operate in a networked environment using logical connections to one or more remote computers. The remote computer may be a personal computer, a server, a router, a network PC, a peer device, or other common network node, and typically includes many or all of the elements described above.

It is to be further appreciated that the logical connections depicted in FIG. 1 include a local area network (LAN) and a wide area network (WAN), but may also include other networks such as a personal area network (PAN). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet. For instance, when used in a LAN networking environment, the computing system environment 100 is connected to the LAN through a network interface or adapter. When used in a WAN networking environment, the computing system environment typically includes a modem or other means for establishing communications over the WAN, such as the Internet. The modem, which may be internal or external, may be connected to a system bus via a user input interface, or via another appropriate mechanism. In a networked environment, program modules depicted relative to the computing system environment 100, or portions thereof, may be stored in a remote memory storage device. It is to be appreciated that the illustrated network connections of FIG. 1 are exemplary and other means of establishing a communications link between multiple computers may be used.

FIG. 1 is intended to provide a brief, general description of an illustrative and/or suitable exemplary environment in which embodiments of the below described present invention may be implemented. FIG. 1 is an example of a suitable environment and is not intended to suggest any limitation as to the structure, scope of use, or functionality of an embodiment of the present invention. A particular environment should not be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in an exemplary operating environment. For example, in certain instances, one or more elements of an environment may be deemed not necessary and omitted. In other instances, one or more other elements may be deemed necessary and added.

In the description that follows, certain embodiments may be described with reference to acts and symbolic representations of operations that are performed by one or more computing devices, such as the computing system environment 100 of FIG. 1. As such, it will be understood that such acts and operations, which are at times referred to as being computer-executed, include the manipulation by the processor of the computer of electrical signals representing data in a structured form. This manipulation transforms the data or maintains them at locations in the memory system of the computer, which reconfigures or otherwise alters the operation of the computer in a manner understood by those skilled in the art. The data structures in which data is maintained are physical locations of the memory that have particular properties defined by the format of the data. However, while an embodiment is being described in the foregoing context, it is not meant to be limiting as those of skill in the art will appreciate that the acts and operations described hereinafter may also be implemented in hardware.

Embodiments may be implemented with numerous other general-purpose or special-purpose computing devices and computing system environments or configurations. Examples of well-known computing systems, environments, and configurations that may be suitable for use with an embodiment include, but are not limited to, personal computers, handheld or laptop devices, tablet devices, personal digital assistants, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network, minicomputers, server computers, game server computers, web server computers, mainframe computers, and distributed computing environments that include any of the above systems or devices.

Embodiments may be described in a general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. An embodiment may also be practiced in a distributed computing environment where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

With the exemplary computing system environment 100 of FIG. 1 being generally shown and discussed above, reference is now made to FIG. 2 which depicts an illustrated embodiment of the system of the present invention, designated generally by reference numeral 200. With regards to system architecture 200, system 200 is to be understood to consist of two primary data processing environments: (i) a backend environment, which is generally a processing system and a database of records, and (ii) a customer service environment, which preferably contains only a subset of data required to service users 290 and applicant users on a day-to-day basis. As depicted in the illustrated embodiment of FIG. 2, all connections and interactions between the systems are understood to be handled through encrypted methods such as secure internet connections (“SSL”), virtual private networks (“VPN”) and any other similar known, or unknown methods. Additionally, firewalls may be used for added security protection. It is to be understood, in accordance with the illustrated embodiments, data in transit is preferably encrypted at all times.

In accordance with the illustrated embodiment of FIG. 2, system 200 preferably includes a central processing system 210 (preferably encompassing components of computering system 100) operative and configured to manage and protect the biographic and biometric information used to provision the services of the system 200 to Users 290 and “Benefit Providers”. It is to be understood and appreciated the term “Benefit Providers”, for purposes of the present invention, is to be understood to mean organizations that leverage the verification process described herein to confirm user identity in order to provide a product or service to a User 290. For example, CLEAR® is a service provider approved by the Transportation Security Administration (TSA) that performs biometric verification in order to provide the benefit of bypassing the traditional TSA Travel Document Checker (TDC). As discussed further below, central processing system 210 is preferably adapted and configured to communicate with third party data sources having information relevant, and preferably personal, to a user 290 so as to authenticate the user. An example of such a third party data source includes, but is not limited to, LexisNexis, and other similar data sources.

Central processing system 210 is electronically coupled to a payload processor system 220, a card production system 230 and member management system 240, each preferably encompassing components of computering system 100. Briefly, payload processor system 220 is operative and configured to convert User 290 biographic and biometric information into an electronic payload that can be loaded onto a smart card or other identity confirmation token for use in verification processes. Card production system 230 is operative and configured to create smart cards or other tokens containing the User 290 payload. And member management system 240 is operative and configured to manage User 290 information and transactions such as biographic data updates (change of address, phone number, email, etc.) as well as billing information and transactions. The member management system 240 may also provide information regarding usage and benefits.

It is to be appreciated and understood by one skilled in the art, the central processing system 210 is configured and operative to transmit data with each of the payload processor system 220, the card production system 230 and member management system 240 through any known suitable means. In the illustrated embodiment of FIG. 2, an encrypted transmission method such as Secure File Transfer Protocol (SFTP) or Secure Socket Layer (SSL) (242, 244, 246) is employed to transmit data between the central processing system 210, the payload processing system 220, the card production system 230, and the member management system 240. While the illustrated embodiment of the invention depicts a cryptographic Secure Sockets Layer (SSL) 246 to transmit data between the central processing system and the member management system 240, the SSL 246 is to be understood to be only an exemplary method for transmitting data as any suitable method may be utilized.

In accordance with the illustrated embodiment of FIG. 2, system 200 further includes a plurality of kiosk devices 250 disposed in differing geographic locations (such as airports, but not limited thereto) for enabling enrollment and identity verification, as discussed further below. For the purposes of the present invention, each kiosk device 250 is to be understood to be an electronic kiosk (or computer kiosk or interactive kiosk) housing a computer terminal preferably employing software configured to enable the required user 290 enrollment and verification functionality while preventing users 290 from accessing system functions. It is to be appreciated and understood each computerized kiosk 250 communicates with the central processing system 210. Each kiosk 250 may be configured and operational to include biometric capture devices (such as fingerprint and/or iris capture devices, camera(s), card reader(s), trackballs, computer keyboards, pushbuttons and other typical input devices associated with interactive computer kiosks).

It is to be appreciated and understood by one skilled in the art, each kiosk 250 electronically communicates with the central processing system 210 using any known and suitable secure electronic method. In the illustrated embodiment of FIG. 2, a Virtual Private Network (VPN) link 248 is established between each kiosk 250 and the central processing system 210, preferably through a firewall 246. Input devices that communicate with the kiosk 250 can be physically attached to the kiosk 250 or remotely communicating with the kiosk 250 to provide the information needed to perform enrollment or verification functions.

To aid the enrollment process, system 200 is further configured and operative to couple to third-party computering devices 260 accessible by a user 290 for enrollment purposes, as further explained below. It is to be appreciated and understood by one skilled in the art, each third party computering device 260 (e.g., a desktop or laptop computer, tablet device, smart phone, etc.) electronically communicates with the member management system 240 using any known and suitable secure electronic method. In the illustrated embodiment of FIG. 2, each third party computering device 260 electronically communicates with the member management system 240 via an internet Secure Sockets Layer (SSL) connection 262, preferably through a firewall 264.

It is to be appreciated and understood system 200 is preferably operative and configured to maintain remote monitoring capability of its field located kiosks 250 whereby monitoring and measuring of system performance and metrics will provide the information necessary for system 200 to continually evaluate the performance and effectiveness of all components of system 200. It is to be further appreciated and understood, data relating to an applicant, member, and/or potential member 290 is not to be stored locally at a kiosk 250. That is, no personally identifiable information is stored in kiosks 250 or any other field storage devices associated with system 200 (e.g., laptops). Additionally, it is to be understood and appreciated, system 200 utilizes the aforesaid encryption such as SFTP, SSL, and VPN connections, along with protection by firewalls, to ensure the security of data in system 200.

With the system 200 in accordance with the illustrated embodiments of FIGS. 1 and 2 being described above, its method and process of operation will now be described in accordance with the illustrated diagrams of FIGS. 3 and 4 (with continuing reference to FIGS. 1 and 2). First, with reference to FIG. 3 an exemplary enrollment process for an applicant user 290 with system 200 will be described.

Starting at step 310, a user first preferably provides the appropriate enrollment payment information and user background/demographic information to system 200. This information is preferably input to the member management system 240. It is to be appreciated this information may be input to the member management system 240 from a user, via a user computering device 260 or a system kiosk 250 as illustrated in FIG. 2. In particular, the user computering device 260 preferably couples to the member management system 240 using an internet address coupling (e.g., www.clearme.com), which coupling is preferably an SSL internet 262 coupled connection, through firewall(s) 264, providing a secure and encrypted coupling.

Next, at step 320 the member management system 240 is configured and operative to store the aforesaid user payment and billing information along with the user's background and demographic information necessary for membership information and verification purposes. The remaining portion of the user 290 input information from step 310 is preferably transmitted to the central processing system 210. It is also to be appreciated that if a kiosk 250 is used for user enrollment purposes, the user's 290 input enrollment information is preferably transmitted to the central processing system 210, which in turn sends user billing/payment information and other appropriate membership information to the member management system 240 for storage therein.

Next, to complete the enrollment process, a user 290 is preferably present at a kiosk 250 (or user computering device 260) whereby the central processing system 210 is configured and operative to send user demographic information to the kiosk 250 the user is present at, preferably in real-time, so as to be authenticated by a user 290 preferably in the presence of a system attendant for user authentication (step 330). That is, this is the process whereby the user's identity is authenticated via data collected from external sources such as a passport, driver's license (and the like) and the successful completion of answers to questions which are specific to the user, as set forth above. Upon such user authentication, the kiosk 250 is preferably configured and operative to scan and authorize certain user documentation to authenticate the user 290 (step 340). For instance, each kiosk 250 may be configured and operative to only accept those forms of identification that Benefit Providers such as the TSA have deemed acceptable and that can be authenticated. As an additional measure of security for verifying the identity of an enrolling user 290, system 200 is configured and operative to perform an authentication user test (step 330). As mentioned above, once the identity of the user applicant is authenticated (step 320), the central processing system 210 is preferably adapted and configured to communicate with a remote third party data source (e.g., Lexis Nexis) to retrieve data relevant and personal to the verified identity of the user applicant 290. This data (e.g., the amount of a mortgage or automobile payment) is used by central processing system 210 to authenticate the user applicant 290 so as to mitigate any instance of identity theft, as now discussed below.

In a preferred embodiment, the aforesaid retrieved authenticating data is utilized by system 200 to formulate a quiz/test using the aforesaid retrieved authenticating data (e.g., the amount of a mortgage payment). It is to be appreciated and understood the functionality of the aforesaid authentication user test (step 330) is to strengthen the individual authentication and enrollment requirements and further decrease an imposter's ability to enroll under an alias. For instance, a question presented may be the amount of the user's monthly mortgage payment and/or identify the most recent user employers. Thus, with regards to the aforementioned authentication user test (step 330), system 200 has incorporated an additional step in the secure member enrollment process. That is, system 200 has made the successful “in-person” completion of an identity authentication test (i.e., a personalized questionnaire populated by commercially available data) an additional eligibility requirement. In one embodiment, the identity authentication test consists of posing applicants randomized questions plus an auxiliary question. To successfully complete the quiz, an applicant user 290 preferably answers a predetermined number of questions correctly during a limited time period while being observed by an enrollment specialist. If an applicant/user 290 does not properly respond to the randomized questions and successfully complete the quiz, the applicant/user 290 is preferably not permitted to complete the enrollment process.

Upon the successful authentication of the applicant user's 290 identity documents and the passing of the aforesaid identity authentication test (step 330), each kiosk 250 is additionally preferably configured and operative to collect user biometric information (e.g., fingerprints, retina/iris scan, facial image, voice and the like) (step 340).
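The gating described for the authentication test and biometric collection can be sketched as follows; this is an added example, not code from the patent or from any deployed system. The class and method names, the three-question / two-correct / 120-second parameters, the single-attempt rule and the sample questions are all assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Question:
    prompt: str
    answer: str


# Constructed sample data standing in for what a third-party source returns.
SAMPLE_POOL = [
    Question("Monthly mortgage payment?", "1450"),
    Question("Most recent employer?", "Acme Freight"),
    Question("Street of a previous address?", "Elm Street"),
    Question("Auto loan lender?", "First Example Bank"),
]


def _norm(text: str) -> bytes:
    """Case- and whitespace-insensitive form used for comparison."""
    return " ".join(text.lower().split()).encode("utf-8")


class EnrollmentSession:
    """One applicant's path: document check -> timed quiz -> biometrics."""

    def __init__(self, pool, num_questions=3, pass_mark=2,
                 time_limit_s=120.0, clock=time.monotonic):
        if not 0 < pass_mark <= num_questions <= len(pool):
            raise ValueError("inconsistent quiz parameters")
        # Randomized selection so the question set is not predictable.
        self.questions = secrets.SystemRandom().sample(list(pool), num_questions)
        self.pass_mark = pass_mark
        self.time_limit_s = time_limit_s
        self._clock = clock
        self._started_at = None
        self._submitted = False
        self.documents_authenticated = False
        self.quiz_passed = False

    def record_document_check(self, authentic: bool) -> None:
        self.documents_authenticated = bool(authentic)

    def start_quiz(self) -> list:
        # Personal data is only retrieved once the identity document passed.
        if not self.documents_authenticated:
            raise PermissionError("identity documents not authenticated")
        if self._started_at is not None:
            raise PermissionError("quiz already issued for this session")
        self._started_at = self._clock()
        return [q.prompt for q in self.questions]

    def submit_quiz(self, answers: dict) -> bool:
        if self._started_at is None or self._submitted:
            raise PermissionError("no open quiz to submit")
        self._submitted = True  # assumption: one attempt per session
        elapsed = self._clock() - self._started_at
        correct = sum(
            hmac.compare_digest(_norm(answers.get(q.prompt, "")), _norm(q.answer))
            for q in self.questions
        )
        # Both conditions must hold: enough correct answers, inside the limit.
        self.quiz_passed = elapsed <= self.time_limit_s and correct >= self.pass_mark
        return self.quiz_passed

    def collect_biometrics(self, sample: bytes) -> bytes:
        # Fail closed: no capture unless both earlier gates succeeded.
        if not (self.documents_authenticated and self.quiz_passed):
            raise PermissionError("applicant has not passed authentication")
        return sample  # would be forwarded to the payload processor


def run_demo() -> bool:
    """Walk one constructed applicant through all three gates."""
    session = EnrollmentSession(SAMPLE_POOL)
    session.record_document_check(True)
    session.start_quiz()
    answers = {q.prompt: q.answer for q in session.questions}
    return session.submit_quiz(answers) and bool(
        session.collect_biometrics(b"constructed-sample"))


if __name__ == "__main__":
    print("enrollment gates passed:", run_demo())
```

The capture call refuses to run until both earlier gates are recorded as passed, so a kiosk front end cannot skip the quiz by calling it directly.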

The collected applicant/user 290 biometric information (step 340) is provided to the payload processor system 220 (step 360). Which payload processor system 220 formats a user 290 biometric template based upon the user's collected biometric information (step 340) which is then sent to the central processing system 210 (step 350). The user 290 biometric template is then preferably sent from the central processing system 210 to the card production system 230 which produces a user identification token such as a smartcard having embedded or links to user biometric and biographic information using any known means (smart chip, magnetically or optically encoded information and the like) (step 360). The user identification token may then be issued to a user 290 for use thereof (step 370). It is to be understood and appreciated the invention is not to be understood to be limited to the use of such a user issued token residing on a smart card or like device but rather may encompass matching a user's retrieved biometric information with that previously stored in system 200.

With reference now to FIG. 4, the process for user 290 use of the aforesaid user identification token will now be briefly discussed. Starting at step 410, an enrolled user 290 presents the user identification token to a kiosk 250 associated with a third party requiring identity verification of the user 290 (e.g., airport security, admittance to an event requiring heightened security, or to a merchant desiring to verify a client making payment using a credit card or other ACH type of payment). Next, the kiosk 250 is configured and operative to confirm a biometric match between biometric data stored for the user 290 on the user identification token or in the central processing system 210 and the matching biometric features of the user 290 collected at the time of verification (step 420). If there is a match, the user's identity is verified and authenticated (step 430).

As used herein, the term “software” is meant to be synonymous with any code or program that can be in a processor of a host computer, regardless of whether the implementation is in hardware, firmware or as a software computer product available on a disc, a memory storage device, or for download from a remote machine. The embodiments described herein include such software to implement the equations, relationships and algorithms described above. One skilled in the art will appreciate further features and advantages of the invention based on the above-described embodiments. Accordingly, the invention is not to be limited by what has been particularly shown and described, except as indicated by the appended claims. All publications and references cited herein are expressly incorporated herein by reference in their entirety.

Optional embodiments of the present invention may also be said to broadly consist in the parts, elements and features referred to or indicated herein, individually or collectively, in any or all combinations of two or more of the parts, elements or features, and wherein specific integers are mentioned herein which have known equivalents in the art to which the invention relates, such known equivalents are deemed to be incorporated herein as if individually set forth. For instance, while the above illustrated embodiments make reference to a user token dedicated for use of a user's identification in an airport environment, other embodiments encompass using a token dedicated for another purpose such as a credit or debit card which incorporates the biometric authentication features mentioned above, along with the aforesaid secure enrollment process (FIG. 3).

The above presents a description of a best mode contemplated for carrying out the present invention identity authentication and biometric verification system and method, and of the manner and process of making and using the identity authentication and biometric verification system and method, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains to make and use these devices and methods. The present invention identity authentication and biometric verification system and method is, however, susceptible to modifications and alternative method steps from those discussed above that are fully equivalent. Consequently, the present invention identity authentication and biometric verification system and method is not limited to the particular embodiments disclosed. On the contrary, the present invention identity authentication and biometric verification system and method encompasses all modifications and alternative constructions and methods coming within the spirit and scope of the present invention.

The descriptions above and the accompanying drawings should be interpreted in the illustrative and not the limited sense. While the invention has been disclosed in connection with the preferred embodiment or embodiments thereof, it should be understood that there may be other embodiments which fall within the scope of the invention as defined by the following claims. Where a claim, if any, is expressed as a means or step for performing a specified function, it is intended that such claim be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof, including both structural equivalents and equivalent structures, material-based equivalents and equivalent materials, and act-based equivalents and equivalent acts.

1.-21. (canceled)
 22. A biometric identification system, comprising: at least one non-transitory storage medium that stores instructions; and at least one processor that executes the instructions to: receive input information regarding an identity of a person from an input component of an electronic device; receive first document information from at least one second input component of the electronic device that scanned a first document associated with the identity of the person, the first document comprising at least one of a passport, a driver's license, a state identification, or a military identification; receive second document information from the at least one second input component of the electronic device that scanned a second document associated with the identity of the person, the second document comprising a boarding pass; electronically retrieve data source information relating to the identity of the person from at least one data source; authenticate the identity of the person based on the input information, the first document information, the second document information, and the data source information; upon authenticating the identity of the person, receive biometric data for the person electronically collected using a biometric capture device of the electronic device; and upon confirming a biometric match between the biometric data and received biometric data from an airport security device, transmit an indication to the airport security device to admit the person.
 23. The biometric identification system of claim 22, wherein the airport security device comprises an airport security checkpoint.
 24. The biometric identification system of claim 22, wherein the airport security device comprises an airport boarding gate.
 25. The biometric identification system of claim 22, wherein the biometric data comprises a facial image.
 26. The biometric identification system of claim 22, wherein: the biometric match is a first biometric match; the received biometric data is first received biometric data; the airport security device is a first airport security device; the indication is a first indication; and upon confirming a second biometric match between the biometric data and second received biometric data from a second airport security device after transmitting the first indication, the at least one processor transmits a second indication to the second airport security device to admit the person.
 27. The biometric identification system of claim 26, wherein the first airport security device and the second airport security device are located at a same airport.
 28. The biometric identification system of claim 22, wherein the electronic device and the airport security device are located at a same airport.
 29. A biometric identification system, comprising: at least one non-transitory storage medium that stores instructions; and at least one processor that executes the instructions to: receive input information regarding an identity of a person from at least one input component of an electronic device; receive first document information from a first document associated with the identity of the person via the at least one input component of the electronic device, the first document comprising at least one of a passport, a driver's license, a state identification, or a military identification; receive second document information from a second document associated with the identity of the person via the at least one input component of the electronic device, the second document comprising a boarding pass; electronically retrieve data source information relating to the identity of the person from at least one data source; authenticate the identity of the person based on the input information, the first document information, the second document information, and the data source information; upon authenticating the identity of the person, receive biometric data for the person electronically collected using a biometric capture device of the electronic device; and upon confirming a biometric match between the biometric data and received biometric data from an airport security device, transmit an indication to the airport security device to admit the person.
 30. The biometric identification system of claim 29, wherein the biometric data comprises at least one of a fingerprint, a retina scan, an iris scan, a facial image, or a voice.
 31. The biometric identification system of claim 29, wherein: the biometric match is a first biometric match; the received biometric data is first received biometric data; the indication is a first indication; and upon confirming a second biometric match between the biometric data and second received biometric data from a third party device, the at least one processor transmits a second indication to the third party device verifying the identity of the person.
 32. The biometric identification system of claim 29, wherein the at least one processor verifies the first document information using the data source information.
 33. The biometric identification system of claim 29, wherein the at least one processor verifies the first document information using the data source information.
 34. The biometric identification system of claim 29, wherein the biometric capture device comprises a camera.
 35. The biometric identification system of claim 29, wherein the biometric data comprises a biometric template formatted based upon biometric information collected by the biometric capture device.
 36. A biometric identification system, comprising: at least one non-transitory storage medium that stores instructions; and at least one processor that executes the instructions to: receive input information regarding an identity of a person from at least one input component of at least one electronic device; receive first document information from a first document associated with the identity of the person via the at least one input component of the at least one electronic device, the first document comprising at least one of a passport, a driver's license, a state identification, or a military identification; receive second document information from a second document associated with the identity of the person via the at least one input component of the at least one electronic device, the second document comprising a boarding pass; electronically retrieve data source information relating to the identity of the person from at least one data source; authenticate the identity of the person based on the input information, the first document information, the second document information, and the data source information; upon authenticating the identity of the person, receive biometric data for the person electronically collected using a biometric capture device of the at least one electronic device; and upon confirming a biometric match between the biometric data and received biometric data from an airport security device, transmit an indication to the airport security device to admit the person.
 37. The biometric identification system of claim 36, wherein the at least one electronic device deletes the biometric data after the biometric data is received by the at least one processor.
 38. The biometric identification system of claim 36, wherein the at least one electronic device comprises a third party computing device.
 39. The biometric identification system of claim 36, wherein the at least one electronic device comprises a kiosk.
 40. The biometric identification system of claim 36, wherein the biometric capture device comprises at least one of a fingerprint capture device, an iris capture device, or a camera.
 41. The biometric identification system of claim 36, wherein the at least one electronic device does not store personally identifiable information for the person.